Many products today include embedded computing systems, from the space shuttle to hand-held gaming pods, and therefore operate according to the same underlying principles. A series of computing instructions, called a “program”, an “application”, or an “executable”, is read into a memory device of the computing system, and then executed by one or more computational processing units (CPUs). As a result of executing these computing instructions, the computing system will perform a series of actions on behalf of the user, such as displaying a web page on a home computer, or auto-dialing a phone number on a cell phone, for example.
The computing instructions are known as “software”, and are executed using the components of the computing system, known as “hardware”. Many embedded computing systems, such as the embedded computing systems incorporated in microwaves, have a predetermined set of instructions, running the same program repeatedly. This type of program is fixed, and consequently does not allow the user of the system to change the manner in which it functions by re-programming or adding additional functions/applications. Other products, such as personal computers and mainframes, allow the creation and installation of a variety of programs.
One of the most important advances in computing was the segregation of system function software and application software. The software that relates to system functions is called the Operating System (OS). This set of instructions is responsible for creating a steady-state computing environment within which a variety of application programs can be executed. This segregation of Operating Systems and applications has enabled the development of thousands of programs which can be installed on millions of computing systems around the world. Some programs, such as operating systems (OS), become standardized and are mass-distributed in identical form to millions of users. The most common example of a standard OS is the Windows® operating system developed by Microsoft®. Other typical examples of operating systems with similar flexibility include Linux®, MacOS®, and PalmOS®—each having the capacity to run a variety of custom applications.
Numerous software development companies mass-produce software, frequently releasing new and updated applications to the public. Large software engineering firms develop and release complex applications for use on millions of computing systems. Months are spent developing and testing new applications until a level of quality and functionality is reached, whereupon development is “frozen”. Then, the application (or upgrade), potentially containing millions of lines of code, is written onto distribution media and released for sale. All purchasers of this particular software release will receive an identical copy of the new application for their own use.
Distribution of identical copies of software enables software development companies to more easily support and train high volumes of customers, because each copy of the application software has known and consistent behavior—the exact same multi-million lines of code are on every system. However, the computing logic flaws that create computer security vulnerabilities are also the same on every system. Examples of replicated computer security vulnerabilities can be found in every operating system and application on the market. Malicious and resourceful programmers, called “hackers”, find the flaws in computing logic, and using such knowledge, gain unauthorized access to the computing resources of large numbers of computers. With unauthorized access, the hackers then can perform unwanted and malicious functions. A hacker can totally disable a computing system, or just silently perform unauthorized functions. Unauthorized functions include, but are not limited to, data modification, remote control of computing resources, and theft of personal information (identity theft).
One of the more popular hacking techniques is to release a “computer virus”—a program which replicates itself much like the common cold. A computer virus exploits the logic flaws inherent in software, enabling it to spread from one computer to another, infecting each along the way. The result is mass replication and spread to many other computing systems that also run the same software and have the same computer security vulnerability, resulting in lost time, lost data, and lost productivity. For example, in 2003 the economic impact of computer viruses in the United States was said to be over $55 Billion.
In an attempt to control such breaches in computer security, numerous software companies create “security patches” and “anti-virus software” intended to seal holes in the computing logic. Applications ranging from Operating Systems to Internet Browsers are all now subject to constant software updates as a means of removing these flaws. Once a logic flaw or a new computer virus is discovered, software companies release modifications (i.e. patches or inoculations) to the application in an attempt to correct the flaw or “plug the hole”, or to remove the new virus from computing systems. Unfortunately, after a logic flaw has been found, for example, due to the spread of a computer virus, some damage has already been done to many computing systems that run the vulnerable software. For many, the effort is too little, too late.
Even after a new security patch is released, or after a new revision of anti-virus software has been distributed, millions of computing systems still get infected by computer viruses. This happens because many computer users never install the new security patch, or do not obtain the new revision of anti-virus software. Some computer users do not have anti-virus software at all, and those that do have anti-virus software may not patch their applications in time to stop the infection. All in all, this reactive approach to controlling computer viruses means that infection of some computing systems is inevitable. Since 1986, Microsoft has released over 350 patches to their applications. Symantec, a leading anti-virus software company, has released over 66,000 “inoculations” as of April, 2004. Nevertheless, computer viruses are still a serious threat to computers all over the world, continuing to cause unacceptable levels of economic damage.
Operating systems from the top three development companies, Microsoft, Apple and Sun, are widely known to comprise 30, 20 and 15 million lines of code respectively, not including the code contained in numerous patches that are frequently released. The sheer complexity and enormity of these applications inevitably result in logic flaws and vulnerabilities. Most software companies work diligently to reduce the occurrence of software flaws and vulnerabilities, but the size of the code base makes it impossible to release perfect applications all the time. Knowing this, hackers continually look for flaws and vulnerabilities so as to exploit them, confident that a weakness in one system means a weakness in the millions of computer systems that are running identical software.
As code size and complexity increase, the likelihood of introducing logic flaws and security vulnerabilities also increases. Extrapolating these trends suggests that hackers will increasingly have an advantage for the foreseeable future. Even though the major software vendors continue to patch and inoculate computer systems, the industry continues to find itself one step behind the hackers, because the flaws and vulnerabilities must first be exposed by successful hacker attacks, with the attendant cost and inconvenience. Only after potentially expensive damage has been done can a fix be developed and manufactured, and then distributed to at least some of the millions of vulnerable users.
Present-day anti-virus strategies include detecting the digital footprint of a virus, and then sequestering it until an end-user can decide on a course of action. The digital footprint of a virus is determined by examining known viruses to determine how they function, and how they affect computing systems. There are numerous ways in which a virus might try to infect a computing system, such as placing new files on a system, changing existing files (e.g., by addition, modification, or deletion of contents), or forcing a system to act contrary to its programming (e.g., buffer overflow).
These anti-virus strategies are based upon the same flawed principles—they all require the actual existence of a virus, infection by the virus, and observation of the harmful effects of the virus, to determine a footprint. Consequently, many systems are infected before a defense against the virus can be devised. Also, such known anti-virus strategies demand repeated scanning of all or most of the files on a computing system by anti-virus software, even though most of the files on an infected computing system are harmless, thereby collectively wasting enormous amounts of compute power. Further, known anti-virus strategies require the widespread distribution of updates to anti-virus software in order to counteract new viruses, costing users millions of dollars in service contracts, as well as even higher losses accrued as a result of the negative impact on systems which do not contain anti-virus software.
Further, known anti-virus strategies are so ineffective that additional security resources must also be employed to decrease risk of cyber-attack, at yet further cost. These additional security resources may include a device called a “firewall”, which attempts to detect and remove malignant code before it reaches a computing system, or renders a system less “visible” in an attempt to protect it from probing by hackers. Owners and managers of computing systems may also be forced to turn off resources such as certain Internet service ports in order to protect vulnerabilities in flawed logic.
Nevertheless, current methods and equipment, alone or in combination, have failed to stop the infection and spread of computer viruses.